Research field: Analysis
Conference: International Conference on Information Security Applications
A programmable logic controller (PLC) is an essential component for automatically controlling field devices in an industrial control system (ICS). Before a PLC is deployed in the field, its vulnerabilities should be removed in advance by sufficiently testing the runtime. However, commercial soft PLCs form a closed-source ecosystem, and their non-stop operational characteristics make it difficult to find vulnerabilities with fuzzing. To address this problem, several studies have tested soft PLCs with a fuzz harness, a small code snippet that replicates the target. Unfortunately, most of them do not clearly show how to synthesize the harness and rely on extensive reverse engineering. In this paper, we propose SP-Fuzz, a toolkit for fuzzing soft PLCs that overcomes these challenges. SP-Fuzz provides a semi-automated method to create a fuzz harness based on context information collected during execution of the PLC runtime. The fuzzer uncovers potential vulnerabilities by testing the synthesized harnesses without directly testing the PLC runtime. In an evaluation with known vulnerabilities, SP-Fuzz successfully synthesized the harnesses and reproduced the vulnerabilities.
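To make the idea of a fuzz harness concrete, the following is an added illustration (it is not SP-Fuzz's code and does not reflect any real PLC runtime). It assumes a hypothetical runtime function `handle_request` that depends on a hypothetical context struct `plc_ctx_t`; the "recorded" context is a constructed snapshot standing in for the information the abstract says is collected during runtime execution. The harness restores that snapshot and calls the target with fuzzer-provided bytes, so the target can be exercised in isolation without stopping a running PLC. The entry point uses the libFuzzer convention `LLVMFuzzerTestOneInput`, which exists under that name and signature in libFuzzer, so the block can be built with `clang -fsanitize=fuzzer,address` or run stand-alone through its own `main`.

```c
/* Added example: a minimal context-restoring fuzz harness (hypothetical target). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical runtime context that the target depends on (assumption). */
typedef struct {
    uint32_t session_id;
    uint16_t max_frame_len;  /* frame size limit negotiated at runtime */
    uint8_t  auth_level;     /* 0..3, privileged opcodes need >= 2 */
} plc_ctx_t;

/* Hypothetical target inside the runtime: parse one request frame.
 * Frame layout (assumption): [len_lo][len_hi][opcode][payload...].
 * Returns the opcode on success, a negative code on rejection. */
int handle_request(const plc_ctx_t *ctx, const uint8_t *buf, size_t len) {
    if (len < 4) return -1;                                  /* header too short */
    uint16_t frame_len = (uint16_t)(buf[0] | (buf[1] << 8));
    uint8_t  opcode = buf[2];
    if (frame_len > ctx->max_frame_len) return -2;           /* exceeds negotiated limit */
    if (frame_len > len) return -3;                          /* truncated frame */
    if (opcode == 0x10 && ctx->auth_level < 2) return -4;    /* privileged op, not authorised */
    return (int)opcode;
}

/* Constructed snapshot of the context. In the abstract's method this would be
 * collected from the live runtime; here the values are made up for the example. */
static const plc_ctx_t g_recorded_ctx = { 0x1234, 512, 1 };

/* Harness entry point in libFuzzer's convention: restore the recorded context
 * into a fresh copy each iteration (so the target cannot corrupt the snapshot),
 * then call the target with the fuzzer's bytes. */
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
    plc_ctx_t ctx = g_recorded_ctx;
    (void)handle_request(&ctx, data, size);
    return 0;
}

/* Stand-alone driver: replay a few constructed seed inputs through the harness. */
int main(void) {
    static const uint8_t seeds[][4] = {
        {0x04, 0x00, 0x01, 0x00},  /* well-formed, opcode 1 */
        {0x04, 0x00, 0x10, 0x00},  /* privileged opcode, rejected at auth_level 1 */
        {0x00, 0x04, 0x01, 0x00},  /* frame_len 1024 > max_frame_len 512 */
        {0x08, 0x00, 0x01, 0x00},  /* declares 8 bytes but only 4 present */
    };
    for (size_t i = 0; i < sizeof seeds / sizeof seeds[0]; i++) {
        LLVMFuzzerTestOneInput(seeds[i], sizeof seeds[i]);
        printf("seed %zu -> %d\n", i, handle_request(&g_recorded_ctx, seeds[i], sizeof seeds[i]));
    }
    return 0;
}
```

The value of the harness is that each iteration starts from the same captured context, so a crash found by the fuzzer is reproducible from the snapshot plus the input alone; the caveat is that any runtime state the snapshot omits (for example heap objects the target dereferences) will make the harness diverge from the real runtime, which is exactly the part the abstract says must be collected rather than hand-built.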
| Publication year | 2024 |
|---|---|
| Citations | 0 |
| Country of publication | Slovenia |
| Site | Springer |
| Likes | 0 |